Exam Results
SPLUNK-CORE · 10 questions · 15 min
Score: 70.0% (Not yet)
Correct: 7 out of 10
Wrong: 3 need review
Getting close - review the wrong answers below and practice those topics.
Wrong Answers (3)
Q7 · Working with Events
Your answer: C · Correct: B
A Splunk analyst wants to categorize events from a web access log so that any event containing the term "error" in the status field is automatically labeled and can be searched as a group across multiple dashboards and reports. The analyst wants to avoid rewriting the same search logic repeatedly. Which Splunk feature should the analyst use, and what is the correct approach to implement it?
Q9 · Search Language Fundamentals
Your answer: D · Correct: A
A Splunk analyst is investigating web traffic and needs to identify the top 5 destination ports being accessed, but wants to exclude any port that appears fewer than 100 times in the results. The analyst also wants the output table to display the columns labeled "Destination Port" and "Number of Connections" instead of the default field names. Which search correctly accomplishes all of these requirements?
Q10 · Working with Events
Your answer: C · Correct: B
A Splunk analyst is working with web server logs and needs to create a way to automatically classify events so that any HTTP request with a response code between 500 and 599 is grouped as "server_error" and any request with a response code between 400 and 499 is grouped as "client_error". The analyst wants these classifications to persist across multiple searches and reports without rewriting filter conditions each time. After creating these classifications, the analyst wants to verify which classification applies to a specific event by using a search command. Which approach correctly implements this requirement and allows the analyst to verify the applied classification?
Correct Answers (7)